Sign in to follow this  
Followers 0
j.silver

.htaccess File

7 posts in this topic

Dear all,

 

As you know, an .htaccess file placed in a directory to be affected (protected) is useful in websites hosted in an Appache server to protect such directories from prying eyes. But I have noticed that recommendation is to place such files inside certain directories only, e.g., inside includes and views (that contains home page, shopping cart, listing of products, etc.) directories.

 

I thought we could as well protect all other directories should there be no downside to protecting all. Any thoughts on why we should not include an .htaccess file inside all directories will be appreciated.

Share this post


Link to post
Share on other sites

You wouldn't need it inside directories you don't want to protect. The more directories you have, the harder it's going to be to keep track of all your .htaccess files.

 

You could also just have one .htaccess file in the root and use directives to choose which folders and files to protect.

Share this post


Link to post
Share on other sites

Many thanks Ingolme

You could also just have one .htaccess file in the root and use directives to choose which folders and files to protect.

 

 

Which of the two methods (placing it inside the desired directory or your above suggestion) is better in terms of better protection or overall performance of the website or any other reason?

Share this post


Link to post
Share on other sites

Both options are exactly the same regarding protection and performance.

 

The method you use depends on which one you find easier to maintain. Do you prefer larger amount of code in one file or small pieces of code in multiple files?

Share this post


Link to post
Share on other sites

Many thanks for your clarification. I have not come across how to do it the way you suggested. I would appreciate sharing any handy reliable source of example of how to do it, or I would just search the web.

Share this post


Link to post
Share on other sites

The Apache project recommends that instead of using .htaccess files, you put all directives in the main server configuration file, so that Apache does not need to scan for and process .htaccess files in every directory when someone requests a file.

 

If you want to put rules for several directories inside one file, you can use location directives to say what each set of rules applies to. .htaccess files will also affect directories below the directory they are in, so it is redundant to put them in every directory unless the settings for each directory are different than their parent.

Share this post


Link to post
Share on other sites

The Apache project recommends that instead of using .htaccess files, you put all directives in the main server configuration file, so that Apache does not need to scan for and process .htaccess files in every directory when someone requests a file.

 

I would second this. Here is the Apache documentation that is helpful in implementing this through server configuration instead of .htaccess

https://httpd.apache.org/docs/trunk/rewrite/avoid.html

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0